Mapping index

baha1 · June 16, 2017, 3:48pm

Hi there,
i have a mapping of an index like below:

"mappings": {
    "error": { 
      "_all":       { "enabled": false  }, 
      "properties": { 
        "message":    { "type": "text"  }, 
        "date":     { "type": "text"  }, 
        "level":      { "type": "text" }  
      }
    }
  }

This is pipeline.conf:

    input {
            file {
            path => "c:/logstash.log"
            start_position => "beginning"
            sincedb_path => "/dev/null"
            codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601}"
            negate => false
            what => "previous"
       }}}
    filter {
    grok{
    	  match => { "message" => "%{TIME:timestamp} %{LOGLEVEL:LEVEL} %{GREEDYDATA:errormsg}" }}}
    output {
    if	"ERROR" in [LEVEL]
    {
    elasticsearch {
      hosts=>"localhost:9200"
      index => "errors"
      }}

Please how can put the result of match in each properties:for example:
date=timestamp;
level=LEVEL;
message=errormsg;

Thanks for help.

warkolm · June 18, 2017, 11:32am

That depends on what the event looks like.

system · July 16, 2017, 11:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash mapping sql xml column to elasticsearch index properties Logstash	4	720	December 24, 2019
Could not index event to elasticsearch not sure why Elasticsearch	4	1149	July 23, 2018
Logstash EXEC input Logstash	4	512	March 26, 2020
Could not index event to Elasticsearch, mapper [geoip.location] of different type Elasticsearch	5	571	October 1, 2020
No mapping found for [index] Elasticsearch	8	11423	April 26, 2017

Mapping index

Related topics